On Mon, 2023-09-04 at 15:34 +0200, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > In preparation for moving IMA and EVM to the LSM infrastructure, introduce > the path_post_mknod hook. > > It is useful for IMA to let new empty files be subsequently opened for > further modification. (Please remove "It is useful for" here and in other patch descriptions. Will not repeat this again.) Possible wording: IMA-appraisal requires all existing files in policy to have a file hash/signature stored in security.ima. An exception is made for empty files created by mknod, by tagging them as new files. > > LSMs can benefit from this hook to update the inode state after a file has > been successfully created. (Please remove "LSMs can benefit from" here and in other patch descriptions.) Please make sure that the patch description is in sync with the LSM hook kernel doc. > The new hook cannot return an error and cannot > cause the operation to be canceled. (Separate paragaraph) > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> -- thanks, Mimi
